[dak/master] signature checking changes
Adjust the gpgv signature check. Add one more case of broken key to detect,
EXPKEYSIG. From gnupg docs:
EXPKEYSIG <long keyid> <username>
The signature with the keyid is good, but the signature was
made by an expired key. The username is the primary one
encoded in UTF-8 and %XX escaped.
Also, handle KEYEXPIRED right. The first argument given back is NOT the keyid,
it is the timestamp when the key expired. From gnupg docs:
KEYEXPIRED <expire-timestamp>
The key has expired. expire-timestamp is the expiration time
in seconds after the epoch.
Note, that TIMESTAMP may either be a number with seconds since
epoch or an ISO 8601 string which can be detected by the
presence of the letter 'T' inside.
So lets go and see if we find a T, if not convert the epoch to something
more easily human readable in our reject message.
Signed-off-by: Joerg Jaspert <joerg@debian.org>
---
daklib/utils.py | 16 ++++++++++++++--
1 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/daklib/utils.py b/daklib/utils.py
index 47c80f3..4a71d01 100755
--- a/daklib/utils.py
+++ b/daklib/utils.py
@@ -26,6 +26,7 @@ import codecs, commands, email.Header, os, pwd, re, select, socket, shutil, \
sys, tempfile, traceback, stat
import apt_pkg
import database
+import time
from dak_exceptions import *
################################################################################
@@ -1231,11 +1232,22 @@ used."""
if keywords.has_key("NODATA"):
reject("no signature found in %s." % (sig_filename))
bad = 1
+ if keywords.has_key("EXPKEYSIG"):
+ args = keywords["EXPKEYSIG"]
+ if len(args) >= 1:
+ key = args[0]
+ reject("Signature made by expired key ßx%s" % (key))
+ bad = 1
if keywords.has_key("KEYEXPIRED") and not keywords.has_key("GOODSIG"):
args = keywords["KEYEXPIRED"]
+ expiredate=""
if len(args) >= 1:
- key = args[0]
- reject("The key (0x%s) used to sign %s has expired." % (key, sig_filename))
+ timestamp = args[0]
+ if timestamp.count("T") == 0:
+ expiredate = time.strftime("%Y-%m-%d", time.gmtime(timestamp))
+ else:
+ expiredate = timestamp
+ reject("The key used to sign %s has expired on %s" % (sig_filename, expiredate))
bad = 1
if bad:
--
1.5.6.5
Reply to: